Privacy initiatives

We constantly carry out kaizen to respect privacy.

Through providing our products and services Toyota deals with various type of information which may include personal information and privacy-related information.

Toyota protects this information and strives to ensure that the person in question has as much control over their own information as possible and that their will is respected.

What Toyota cares about

  1. We respect privacy.
  2. We will use the information in a way that is useful to people and the society.
  3. We will always manage and protect information properly.
  4. We will work with related parties to manage and protect information.
  5. We will strive to ensure transparency by disseminating information.

Privacy protection system

Toyota has established a companiy-wide cross-sectional governance system to achieve respect for privacy of our customers. Under the control of the Chief Privacy Officer (CPOs), managers are assigned for each business section, and the Privacy Governance Management Meeting shares and examines issues in each field and consumer communication.

When important privacy-related incidents occur, we quickly identify the incidents, report them to the CPO and management executives, and then take countermeasures.

In addition, we have established an advisory board composed of external experts and are working to build a system that incorporates the perspective of a third party to ensure that privacy is appropriately considered.

Privacy protection system

Members of the Advisory Board (in alphabetical order by family name)

Name Title & Affiliation
Kaori Ishii Professor, Chuo University
Noriya Ishikawa Partner, Nishimura & Asahi
Ryoji Mori Attorney at law, Cyber Law Japan Eichi Law Offices
Toshiko Sawada Director, EC Network
George Shishido Professor, The University of Tokyo (Chair)
Katsumi Takahashi Chief Security Scientist, NTT Social Informatics Laboratories

Privacy education

Toyota continues to educate its employees by introducing case studies and providing training through e-learning.

In addition, we have established a Privacy Code of Conduct based on the Toyota Philosophy and the Toyota Way 2020, to define the direction that our company and employee should take.

By complying with the Privacy Code of Conduct, we strive to provide products and services that are sympathetic towards society and people.

Furthermore, in handling data we are making efforts to inform employees of information about security, including procedures for preventing information leakage and responding to cyber attacks from outside, as well as to educate employees through e-learning.

Privacy Code of Conduct

Privacy Code of Conduct

PIA (Privacy Impact Assessment)

Toyota incorporates PIA to verify that the products and services we provide are privacy-conscious.

PIA is a mechanism for evaluating how products and services that deal with information related to personal and privacy-related information affect privacy.

We are promoting the introduction of PIA so that everyone can use our products and services with a peace of mind.

Security

Under the Chief Information & Security Officer (CISO), Toyota assigns a person in charge of each security area and carries out activities accordingly.

Activities in each security area and common issues for the whole are shared and examined by the Information Security Promotion Council to improve information security for Toyota as a whole.

In addition, when a serious incident occurs, we promptly confirm the incident and report it to the management including the director, and analyze the cause and take countermeasures.

Security

Toyota Groups' initiatives

Toyota has established the "All-Toyota Security Guidelines (ATSG)" for Toyota Motor Corporation, its subsidiaries and affiliates as a mechanism to prevent information leaks from inside and to respond to cyber attacks that are becoming increasingly sophisticated and complex year by year.

Based on ISO 27001/27002, NIST (National Institute of Standards and Technology) Cyber Security Framework, the Ministry of Economy, Trade and Industry's Cyber Security Management Guidelines, and other guidelines, ATSG has established organizational controls, personnel controls, technical controls, and physical controls as well as systems for responding to incidents and accidents. These measures help ensure information security from a variety of perspectives. ATSG is regularly reviewed to cope with recent environmental changes.

We also strive to maintain and improve the information security of each company on a continuous basis by conducting ATSG of the status of each company's information security efforts.

Since fiscal 2018, a specialized Toyota Motor Corporation team has been continuously engaged in auditing activities (confirmation of the actual status of ATSG responses of each company and the status of physical security measures) at all consolidated subsidiaries.

Structure for ATSG Implementation at Subsidiaries and Affiliates

Related Information

  • Sustainability Data Book
    Sustainability Data Book
    This data book summarizes Toyota's sustainability policy, initiatives, and activities of previous year.